Quantum cryptography, quantum encryption, post-quantum cryptography, quantum-safe encryption, quantum-proof encryption, quantum-resistant encryption, quantum security, quantum communications – so many terms to describe similar, yet very different approaches to protecting information and ensuring secure communications in the era of quantum computing. How do these terms differ, and where do they fit in with a modern and sophisticated security strategy? With change happening so fast in this cutting-edge field, it’s no wonder that confusion abounds. Terms are thrown around faster than standard conventions can form, and they are often simply misused.
Meanwhile, executives are tasked with securing their organizations’ data now and into the future, preparing for the inevitability of quantum computing and the power—and pitfalls—it brings. With that in mind, we’ve put together this primer on the trends and technologies decision makers need to understand to bring their companies into this new era.
Quantum security also known as quantum encryption or quantum cryptography is the practice of harnessing the principles of quantum mechanics to bolster security and to detect whether a third party is eavesdropping on communications. Quantum encryption takes advantage of fundamental laws of physics such as the observer effect, which states that it is impossible to identify the location of a particle without changing that particle.
Quantum Key Distribution
Quantum Key Distribution, or QKD, is the best-known example of quantum cryptography today. By transferring data using photons of light instead of bits, companies can take advantage of photons’ no-change and no-cloning attributes, which means that a confidential key transferred in this way between two parties cannot be copied or intercepted secretly. In this system, if a third-party eavesdropping on their communications attempts to learn about the key being established, the photon carrying the key changes state and that key will automatically fail, alerting the two parties that their communication is not secure.
While conventional, public-key cryptography can be cracked or circumvented in a number of ways, QKD offers companies and government agencies the ability to share confidential, mission-critical data with each other in a fully secure, unbreakable way.
Post-quantum cryptography is a similar term that’s easily confused. While quantum cryptography describes using quantum phenomena at the core of a security strategy, post-quantum cryptography (sometimes referred to as quantum-proof, quantum-safe or quantum-resistant) refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer. Post-quantum cryptography is all about preparing for the era of quantum computing by updating existing mathematical-based algorithms and standards.
Terms to know: Post-quantum cryptography refers to algorithms thought to have capabilities to secure against an attack by a quantum computer.
The security of most standard algorithms today relies on very difficult-to-solve mathematical problems. That means today’s public-key encryption protocols, like Secure Socket Layer (SSL) and Transport Layer Security (TLS), are sufficient for defending against most modern technology. But that won’t last. Quantum computers running Shor’s algorithm will be able to break those math-based systems in moments.
In addition, bad actors are already harvesting massive amounts of encrypted data and storing the records until they’re able to break those keys using quantum computing. So even data that is secure today isn’t safe from being decrypted tomorrow.
So what’s the solution? While industry bodies like NIST are hard at work calling on the collective brainpower of industry experts to develop mathematically based cryptographic algorithms (post-quantum cryptography) that would protect the public-key infrastructure, some predict these algorithms might not be available until the year 2023. This is especially worrisome if practical, quantum computers make their way into mainstream computing environments in the next three to five years as tech giants like Google, IBM, Microsoft and Intel make significant advancements in the field during their race for quantum supremacy.
To best prepare for the inevitable development and use of quantum computers, and to combat the very real and happening now, scraping attacks, organizations need to deploy next-generation data security solutions with equally powerful protection based on the laws of quantum physics – literally fighting quantum computers with quantum encryption.
Quantum Xchange gives companies and government entities the ability to share their most sensitive data in a way that is unbreakable now and into the future. Its QKD-as-a-Service offering, Phio, transmits and receives unbreakable quantum cryptographic keys over a fiber-optic network. And its point-to-point Trusted Node network allows this data to travel anywhere, well past the physical distances other companies are limited to. Why wait another decade to deploy a post-quantum security solution when Phio is here today?